Visibility
As cloud platforms continue to add new services, it’s becoming more
difficult and impractical to ensure the apps running on them are
protected. Consider that you might be using multiple cloud platforms,
and that you have many separate accounts per platform, such as different
accounts per business unit or geography. You could easily have hundreds
of combinations of providers, accounts, and regions where cloud native
services are deployed.
Cloud Platform Compliance helps you centrally discover all the
cloud-native services used in AWS, Azure, and Google Cloud, across all
regions and accounts. Cloud Provider Compliance continuously monitors
these accounts, detects when new services are added, and reports which
services are unprotected. It can help you mitigate risks introduced by
rogue deployments, abandoned environments, and environments not
protected by Prisma Cloud.
Kubernetes has a rich RBAC model based around the notion of service and
cluster roles. This model is fundamental to the secure operation of the
entire cluster because these roles control access to resources and
services within namespaces and across the cluster. While these service
accounts can be manually inspected with kubectl, this manual approach
can be difficult to visualize and understand service account scope at
scale.
Prisma Cloud Radar provides a discovery and monitoring tool for service
accounts. Every service account associated with a resource in a cluster
can easily be inspected. For each account, Prisma Cloud shows detailed
metadata describing the resources it has access to and the level of
access it has to each of them. This visualization makes it easy for
security staff to understand role configuration, assess the level of
access provided to each service account, and mitigate risks associated
